Various deviations of system time can be detected in TLS traffic (e.g. HTTPS traffic).
Attacker can modify system time of the target computer (or group of them) via NTP and easily trace TLS connections from anonymous network.

Eavesdropping by exit nodes

Tor doesn't encrypt traffic between an exit node and the target server, so exit nodes are able to capture all unencrypted traffic.
Malicious exit nodes can perform man-in-the-middle attacks on encrypted protocols.

Hidden services

Location hidden services are also vulnerable to timing correlation attack.